** Changed in: keystone Status: Fix Committed => Fix Released ** Changed in: keystone Milestone: None => kilo-3
-- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1398347 Title: LDAP backend should do filtered query instead of getting all data and then filtering Status in OpenStack Identity (Keystone): Fix Released Bug description: When I want to find entity (group/user) by name (using /v3/users?name=MyUser or /v3/groups?name=MyGroup) LDAP gets all data associated to entity (for example whole users database) and then filter it. It should do filtering on query level in my opinion. It is very useful when having huge LDAP catalog. How it works now: If I want find user with name: MyUser... 1. Keystone queries LDAP in user_tree_dn for all user_filter matching entities 2. Filters out user (MyUser) I am looking for How it should work: If I want find user with name: MyUser... 1. Keystone queries LDAP in user_tree_dn for user matching both user_filter and ({user_name_attribute}=MyUser) {user_name_attribute} is of course from keystone.conf or keystone.domainName.conf This approach reduces data downloaded from LDAP and allows to have very large users database without shrinking it down by user_filter (no always possible) or using paging (also not always possible). I heard that there was some effort to move filtering into query level but status is unknown. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1398347/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp